Critical severity · NVD Advisory · Published Aug 13, 2025 · Updated Apr 15, 2026
CVE-2011-10015
Description
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
Patches
No patches discovered yet.
References
- aluigi.altervista.org/adv/cytel_1-adv.txt (nvd)
- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/cytel_studio_cy3.rb (nvd)
- web.archive.org/web/20110301000000*/http://www.cytel.com/Software/StatXact.aspx (nvd)
- web.archive.org/web/20110708215826/http://www.cytel.com/Software/LogXact.aspx (nvd)
- web.archive.org/web/20110708215830/http://www.cytel.com/Software/StatXact.aspx (nvd)
- www.exploit-db.com/exploits/17930 (nvd)
- www.exploit-db.com/exploits/18027 (nvd)
- www.vulncheck.com/advisories/cytel-studio-cy3-file-stack-buffer-overflow (nvd)